tor-browser

imports.lock (107570B)

---

# cargo-vet imports lock

[[publisher.aho-corasick]]
version = "1.1.0"
when = "2023-09-18"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.anstyle]]
version = "1.0.8"
when = "2024-07-25"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.async-trait]]
version = "0.1.68"
when = "2023-03-24"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.atomic]]
version = "0.4.6"
when = "2020-07-05"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.audio_thread_priority]]
version = "0.34.0"
when = "2025-08-13"
user-id = 1258
user-login = "padenot"
user-name = "Paul Adenot"

[[publisher.authenticator]]
version = "0.5.0"
when = "2025-10-22"
user-id = 175410
user-login = "jschanck"
user-name = "John Schanck"

[[publisher.bhttp]]
version = "0.7.2"
when = "2025-12-11"
user-id = 128763
user-login = "martinthomson"
user-name = "Martin Thomson"

[[publisher.breakpad-symbols]]
version = "0.24.0"
when = "2025-01-06"
user-id = 72814
user-login = "gabrielesvelto"
user-name = "Gabriele Svelto"

[[publisher.bumpalo]]
version = "3.15.4"
when = "2024-03-07"
user-id = 696
user-login = "fitzgen"
user-name = "Nick Fitzgerald"

[[publisher.byteorder]]
version = "1.5.0"
when = "2023-10-06"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.bytes]]
version = "1.4.0"
when = "2023-01-31"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.cachemap2]]
version = "0.3.0"
when = "2024-01-19"
user-id = 106639
user-login = "afranchuk"
user-name = "Alex Franchuk"

[[publisher.cc]]
version = "1.0.89"
when = "2024-03-04"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.cexpr]]
version = "0.6.0"
when = "2021-10-11"
user-id = 3788
user-login = "emilio"
user-name = "Emilio Cobos Álvarez"

[[publisher.chardetng]]
version = "0.1.17"
when = "2021-12-23"
user-id = 4484
user-login = "hsivonen"
user-name = "Henri Sivonen"

[[publisher.clap]]
version = "4.5.16"
when = "2024-08-15"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.clap_derive]]
version = "4.5.13"
when = "2024-07-31"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.clap_lex]]
version = "0.7.2"
when = "2024-07-25"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.clubcard]]
version = "0.3.2"
when = "2024-10-08"
user-id = 175410
user-login = "jschanck"
user-name = "John Schanck"

[[publisher.clubcard-crlite]]
version = "0.3.0"
when = "2024-10-14"
user-id = 175410
user-login = "jschanck"
user-name = "John Schanck"

[[publisher.core-foundation]]
version = "0.9.3"
when = "2022-02-07"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"

[[publisher.core-foundation-sys]]
version = "0.8.4"
when = "2023-04-03"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"

[[publisher.core-graphics]]
version = "0.22.3"
when = "2021-11-02"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"

[[publisher.core-graphics-types]]
version = "0.1.1"
when = "2020-09-15"
user-id = 2396
user-login = "jdm"
user-name = "Josh Matthews"

[[publisher.core-text]]
version = "19.2.0"
when = "2021-02-14"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"

[[publisher.derive_arbitrary]]
version = "1.4.1"
when = "2024-11-05"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.derive_more]]
version = "2.0.1"
when = "2025-02-03"
user-id = 3797
user-login = "JelteF"
user-name = "Jelte Fennema-Nio"

[[publisher.derive_more-impl]]
version = "2.0.1"
when = "2025-02-03"
user-id = 3797
user-login = "JelteF"
user-name = "Jelte Fennema-Nio"

[[publisher.dogear]]
version = "0.4.0"
when = "2019-09-16"
user-id = 27901
user-login = "linabutler"
user-name = "Lina Butler"

[[publisher.dtoa]]
version = "0.4.8"
when = "2021-03-29"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.encoding_rs]]
version = "0.8.35"
when = "2024-10-24"
user-id = 4484
user-login = "hsivonen"
user-name = "Henri Sivonen"

[[publisher.errno]]
version = "0.3.8"
when = "2023-11-28"
user-id = 6825
user-login = "sunfishcode"
user-name = "Dan Gohman"

[[publisher.etagere]]
version = "0.2.13"
when = "2024-06-17"
user-id = 1281
user-login = "nical"
user-name = "Nicolas Silva"

[[publisher.euclid]]
version = "0.22.10"
when = "2024-05-21"
user-id = 1281
user-login = "nical"
user-name = "Nicolas Silva"

[[publisher.framehop]]
version = "0.13.0"
when = "2024-07-24"
user-id = 20227
user-login = "mstange"
user-name = "Markus Stange"

[[publisher.freetype]]
version = "0.7.0"
when = "2020-07-14"
user-id = 2396
user-login = "jdm"
user-name = "Josh Matthews"

[[publisher.gleam]]
version = "0.15.0"
when = "2023-04-21"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"

[[publisher.glean]]
version = "66.2.0"
when = "2025-12-09"
user-id = 48
user-login = "badboy"
user-name = "Jan-Erik Rediger"

[[publisher.glean-core]]
version = "66.2.0"
when = "2025-12-09"
user-id = 48
user-login = "badboy"
user-name = "Jan-Erik Rediger"

[[publisher.glslopt]]
version = "0.1.11"
when = "2024-08-30"
user-id = 84794
user-login = "jamienicol"
user-name = "Jamie Nicol"

[[publisher.h2]]
version = "0.3.26"
when = "2024-04-03"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.hashbrown]]
version = "0.14.5"
when = "2024-04-28"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.hawk]]
version = "5.0.1"
when = "2024-09-13"
user-id = 158511
user-login = "lotas"
user-name = "Yaraslau Kurmyza"

[[publisher.headers]]
version = "0.3.9"
when = "2023-08-31"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.httparse]]
version = "1.8.0"
when = "2022-08-30"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.hyper]]
version = "0.14.32"
when = "2024-12-16"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.inherent]]
version = "1.0.7"
when = "2023-03-25"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.io-surface]]
version = "0.15.1"
when = "2020-06-30"
user-id = 2396
user-login = "jdm"
user-name = "Josh Matthews"

[[publisher.iovec]]
version = "0.1.4"
when = "2019-10-09"
user-id = 10
user-login = "carllerche"
user-name = "Carl Lerche"

[[publisher.itoa]]
version = "1.0.11"
when = "2024-03-26"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.jobserver]]
version = "0.1.25"
when = "2022-09-23"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"

[[publisher.libc]]
version = "0.2.153"
when = "2024-01-31"
user-id = 51017
user-login = "JohnTitor"
user-name = "Yuki Okushi"

[[publisher.linux-raw-sys]]
version = "0.4.14"
when = "2024-05-17"
user-id = 6825
user-login = "sunfishcode"
user-name = "Dan Gohman"

[[publisher.lock_api]]
version = "0.4.9"
when = "2022-09-20"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.macho-unwind-info]]
version = "0.4.0"
when = "2024-01-17"
user-id = 20227
user-login = "mstange"
user-name = "Markus Stange"

[[publisher.memchr]]
version = "2.7.4"
when = "2024-06-14"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.mime]]
version = "0.3.16"
when = "2020-01-07"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.minidump]]
version = "0.24.0"
when = "2025-01-06"
user-id = 72814
user-login = "gabrielesvelto"
user-name = "Gabriele Svelto"

[[publisher.minidump-common]]
version = "0.24.0"
when = "2025-01-06"
user-id = 72814
user-login = "gabrielesvelto"
user-name = "Gabriele Svelto"

[[publisher.minidump-unwind]]
version = "0.24.0"
when = "2025-01-06"
user-id = 72814
user-login = "gabrielesvelto"
user-name = "Gabriele Svelto"

[[publisher.nss-gk-api]]
version = "0.3.0"
when = "2023-06-14"
user-id = 175410
user-login = "jschanck"
user-name = "John Schanck"

[[publisher.num]]
version = "0.4.3"
when = "2024-05-08"
user-id = 539
user-login = "cuviper"
user-name = "Josh Stone"

[[publisher.num-bigint]]
version = "0.4.6"
when = "2024-06-27"
user-id = 539
user-login = "cuviper"
user-name = "Josh Stone"

[[publisher.num-complex]]
version = "0.4.6"
when = "2024-05-07"
user-id = 539
user-login = "cuviper"
user-name = "Josh Stone"

[[publisher.num_cpus]]
version = "1.16.0"
when = "2023-06-29"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.ohttp]]
version = "0.7.2"
when = "2025-12-11"
user-id = 128763
user-login = "martinthomson"
user-name = "Martin Thomson"

[[publisher.ordered-float]]
version = "3.4.0"
when = "2022-11-06"
user-id = 2017
user-login = "mbrubeck"
user-name = "Matt Brubeck"

[[publisher.parking_lot]]
version = "0.12.3"
when = "2024-05-24"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.parking_lot_core]]
version = "0.9.10"
when = "2024-04-25"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.paste]]
version = "1.0.11"
when = "2022-12-17"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.pe-unwind-info]]
version = "0.2.3"
when = "2024-03-04"
user-id = 106639
user-login = "afranchuk"
user-name = "Alex Franchuk"

[[publisher.phf]]
version = "0.13.1"
when = "2025-08-23"
user-id = 51017
user-login = "JohnTitor"
user-name = "Yuki Okushi"

[[publisher.phf_codegen]]
version = "0.13.1"
when = "2025-08-23"
user-id = 51017
user-login = "JohnTitor"
user-name = "Yuki Okushi"

[[publisher.phf_generator]]
version = "0.13.1"
when = "2025-08-23"
user-id = 51017
user-login = "JohnTitor"
user-name = "Yuki Okushi"

[[publisher.phf_macros]]
version = "0.13.1"
when = "2025-08-23"
user-id = 51017
user-login = "JohnTitor"
user-name = "Yuki Okushi"

[[publisher.phf_shared]]
version = "0.13.1"
when = "2025-08-23"
user-id = 51017
user-login = "JohnTitor"
user-name = "Yuki Okushi"

[[publisher.presser]]
version = "0.3.1"
when = "2022-10-16"
user-id = 52553
user-login = "embark-studios"

[[publisher.prio]]
version = "0.16.2"
when = "2024-03-19"
user-id = 213776
user-login = "divviup-github-automation"

[[publisher.proc-macro2]]
version = "1.0.101"
when = "2025-08-16"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.qcms]]
version = "0.3.0"
when = "2024-01-09"
user-id = 5946
user-login = "jrmuizel"
user-name = "Jeff Muizelaar"

[[publisher.quote]]
version = "1.0.36"
when = "2024-04-10"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.ref-cast]]
version = "1.0.24"
when = "2025-03-03"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.ref-cast-impl]]
version = "1.0.24"
when = "2025-03-03"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.regex]]
version = "1.10.4"
when = "2024-03-23"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.regex-automata]]
version = "0.4.7"
when = "2024-06-09"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.rust_cascade]]
version = "1.5.0"
when = "2023-04-05"
user-id = 57462
user-login = "mozkeeler"
user-name = "Dana Keeler"

[[publisher.rustix]]
version = "0.38.34"
when = "2024-04-22"
user-id = 6825
user-login = "sunfishcode"
user-name = "Dan Gohman"

[[publisher.ryu]]
version = "1.0.12"
when = "2022-12-17"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.same-file]]
version = "1.0.6"
when = "2020-01-11"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.scopeguard]]
version = "1.1.0"
when = "2020-02-16"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.serde]]
version = "1.0.227"
when = "2025-09-25"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.serde_bytes]]
version = "0.11.9"
when = "2023-02-05"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.serde_core]]
version = "1.0.227"
when = "2025-09-25"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.serde_derive]]
version = "1.0.227"
when = "2025-09-25"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.serde_json]]
version = "1.0.140"
when = "2025-03-03"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.serde_repr]]
version = "0.1.12"
when = "2023-03-18"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.syn]]
version = "2.0.106"
when = "2025-08-16"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.termcolor]]
version = "1.4.1"
when = "2024-01-10"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.thiserror]]
version = "2.0.12"
when = "2025-03-03"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.thiserror-impl]]
version = "2.0.12"
when = "2025-03-03"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.thread_local]]
version = "1.1.8"
when = "2024-02-20"
user-id = 2915
user-login = "Amanieu"
user-name = "Amanieu d'Antras"

[[publisher.threadbound]]
version = "0.1.5"
when = "2022-12-17"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.tokio]]
version = "1.45.1"
when = "2025-05-24"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.tokio-macros]]
version = "2.5.0"
when = "2025-01-08"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.tokio-util]]
version = "0.7.2"
when = "2022-05-15"
user-id = 6741
user-login = "Darksonn"
user-name = "Alice Ryhl"

[[publisher.toml]]
version = "0.9.8"
when = "2025-10-09"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.toml_datetime]]
version = "0.7.3"
when = "2025-10-09"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.toml_parser]]
version = "1.0.4"
when = "2025-10-09"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.toml_writer]]
version = "1.0.4"
when = "2025-10-09"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.typeid]]
version = "1.0.3"
when = "2025-03-04"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.unicode-ident]]
version = "1.0.6"
when = "2022-12-17"
user-id = 3618
user-login = "dtolnay"
user-name = "David Tolnay"

[[publisher.unicode-width]]
version = "0.2.0"
when = "2024-09-19"
user-id = 1139
user-login = "Manishearth"
user-name = "Manish Goregaokar"

[[publisher.uniffi]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.uniffi_bindgen]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.uniffi_build]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.uniffi_core]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.uniffi_internal_macros]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.uniffi_macros]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.uniffi_meta]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.uniffi_pipeline]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.uniffi_testing]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.uniffi_udl]]
version = "0.29.3"
when = "2025-06-06"
user-id = 127697
user-login = "bendk"

[[publisher.utf8_iter]]
version = "1.0.4"
when = "2023-12-01"
user-id = 4484
user-login = "hsivonen"
user-name = "Henri Sivonen"

[[publisher.walkdir]]
version = "2.3.2"
when = "2021-03-22"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.warp]]
version = "0.3.7"
when = "2024-04-05"
user-id = 359
user-login = "seanmonstar"
user-name = "Sean McArthur"

[[publisher.wasi]]
version = "0.14.2+wasi-0.2.4"
when = "2025-02-28"
user-id = 1
user-login = "alexcrichton"
user-name = "Alex Crichton"

[[publisher.wasm-encoder]]
version = "0.236.0"
when = "2025-07-28"
user-id = 73222
user-login = "wasmtime-publish"

[[publisher.wasm-smith]]
version = "0.227.1"
when = "2025-03-07"
user-id = 73222
user-login = "wasmtime-publish"

[[publisher.wasmparser]]
version = "0.236.0"
when = "2025-07-28"
user-id = 73222
user-login = "wasmtime-publish"

[[publisher.wast]]
version = "236.0.0"
when = "2025-07-28"
user-id = 73222
user-login = "wasmtime-publish"

[[publisher.weedle2]]
version = "5.0.0"
when = "2024-01-24"
user-id = 127697
user-login = "bendk"

[[publisher.winapi-util]]
version = "0.1.5"
when = "2020-04-20"
user-id = 189
user-login = "BurntSushi"
user-name = "Andrew Gallant"

[[publisher.windows]]
version = "0.62.2"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-collections]]
version = "0.3.2"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-core]]
version = "0.62.2"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-future]]
version = "0.3.2"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-implement]]
version = "0.60.2"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-interface]]
version = "0.59.3"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-link]]
version = "0.2.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-numerics]]
version = "0.3.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-result]]
version = "0.4.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-strings]]
version = "0.5.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-sys]]
version = "0.52.0"
when = "2023-11-15"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.windows-threading]]
version = "0.2.1"
when = "2025-10-06"
user-id = 64539
user-login = "kennykerr"
user-name = "Kenny Kerr"

[[publisher.winnow]]
version = "0.7.13"
when = "2025-08-22"
user-id = 6743
user-login = "epage"
user-name = "Ed Page"

[[publisher.wit-bindgen-rt]]
version = "0.39.0"
when = "2025-02-05"
user-id = 73222
user-login = "wasmtime-publish"

[[publisher.zeitstempel]]
version = "0.2.0"
when = "2025-10-06"
user-id = 48
user-login = "badboy"
user-name = "Jan-Erik Rediger"

[[audits.bytecode-alliance.wildcard-audits.bumpalo]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
user-id = 696 # Nick Fitzgerald (fitzgen)
start = "2019-03-16"
end = "2026-08-21"

[[audits.bytecode-alliance.wildcard-audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 73222 # wasmtime-publish
start = "2023-01-01"
end = "2026-06-03"
notes = """
The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate
publication of this crate from CI. This repository requires all PRs are reviewed
by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself.
"""

[[audits.bytecode-alliance.wildcard-audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 73222 # wasmtime-publish
start = "2023-01-01"
end = "2026-06-03"
notes = """
The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate
publication of this crate from CI. This repository requires all PRs are reviewed
by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself.
"""

[[audits.bytecode-alliance.wildcard-audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 73222 # wasmtime-publish
start = "2023-01-01"
end = "2026-06-03"
notes = """
The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate
publication of this crate from CI. This repository requires all PRs are reviewed
by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself.
"""

[[audits.bytecode-alliance.wildcard-audits.wit-bindgen-rt]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
user-id = 73222 # wasmtime-publish
start = "2023-01-01"
end = "2026-06-03"
notes = """
The Bytecode Alliance uses the `wasmtime-publish` crates.io account to automate
publication of this crate from CI. This repository requires all PRs are reviewed
by a Bytecode Alliance maintainer and it owned by the Bytecode Alliance itself.
"""

[[audits.bytecode-alliance.audits.adler2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.0.0"
notes = "Fork of the original `adler` crate, zero unsfae code, works in `no_std`, does what it says on th tin."

[[audits.bytecode-alliance.audits.allocator-api2]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
delta = "0.2.18 -> 0.2.20"
notes = """
The changes appear to be reasonable updates from Rust's stdlib imported into
`allocator-api2`'s copy of this code.
"""

[[audits.bytecode-alliance.audits.arbitrary]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "1.4.1"

[[audits.bytecode-alliance.audits.arrayref]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.6"
notes = """
Unsafe code, but its logic looks good to me. Necessary given what it is
doing. Well tested, has quickchecks.
"""

[[audits.bytecode-alliance.audits.arrayvec]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "0.7.2"
notes = """
Well documented invariants, good assertions for those invariants in unsafe code,
and tested with MIRI to boot. LGTM.
"""

[[audits.bytecode-alliance.audits.base64]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.21.0"
notes = "This crate has no dependencies, no build.rs, and contains no unsafe code."

[[audits.bytecode-alliance.audits.base64]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
delta = "0.21.3 -> 0.22.1"

[[audits.bytecode-alliance.audits.bitflags]]
who = "Jamey Sharp <jsharp@fastly.com>"
criteria = "safe-to-deploy"
delta = "2.1.0 -> 2.2.1"
notes = """
This version adds unsafe impls of traits from the bytemuck crate when built
with that library enabled, but I believe the impls satisfy the documented
safety requirements for bytemuck. The other changes are minor.
"""

[[audits.bytecode-alliance.audits.bitflags]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.3.2 -> 2.3.3"
notes = """
Nothing outside the realm of what one would expect from a bitflags generator,
all as expected.
"""

[[audits.bytecode-alliance.audits.bitflags]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.4.1 -> 2.6.0"
notes = """
Changes in how macros are invoked and various bits and pieces of macro-fu.
Otherwise no major changes and nothing dealing with `unsafe`.
"""

[[audits.bytecode-alliance.audits.block-buffer]]
who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.2"

[[audits.bytecode-alliance.audits.camino]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.1.4"

[[audits.bytecode-alliance.audits.cargo-platform]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "no build, no ambient capabilities, no unsafe"

[[audits.bytecode-alliance.audits.cargo_metadata]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.15.3"
notes = "no build, no unsafe, inputs to cargo command are reasonably sanitized"

[[audits.bytecode-alliance.audits.cargo_metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.17.0 -> 0.18.1"
notes = "No major changes, no unsafe code here."

[[audits.bytecode-alliance.audits.cargo_metadata]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.18.1 -> 0.19.2"
notes = "Dependency updates and minor changes, nothing suspicious."

[[audits.bytecode-alliance.audits.cfg-if]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.0.0"
notes = "I am the author of this crate."

[[audits.bytecode-alliance.audits.codespan-reporting]]
who = "Jamey Sharp <jsharp@fastly.com>"
criteria = "safe-to-deploy"
version = "0.11.1"
notes = "This library uses `forbid(unsafe_code)` and has no filesystem or network I/O."

[[audits.bytecode-alliance.audits.core-foundation-sys]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.8.4 -> 0.8.6"
notes = """
The changes here are all typical bindings updates: new functions, types, and
constants. I have not audited all the bindings for ABI conformance.
"""

[[audits.bytecode-alliance.audits.cpufeatures]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.2 -> 0.2.7"
notes = """
This is a minor update that looks to add some more detected CPU features and
various other minor portability fixes such as MIRI support.
"""

[[audits.bytecode-alliance.audits.crossbeam-channel]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.5.4 -> 0.5.8"
notes = """
This diff does what it says on the tin for this version range, notably fixing a
race condition, improving handling of durations, and additionally swapping out a
spin lock with a lock from the standard library. Minor bits of `unsafe` code
are modified but that's expected given the nature of this crate.
"""

[[audits.bytecode-alliance.audits.crypto-common]]
who = "Benjamin Bouvier <public@benj.me>"
criteria = "safe-to-deploy"
version = "0.1.3"

[[audits.bytecode-alliance.audits.fallible-iterator]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.3.0"
notes = """
This major version update has a few minor breaking changes but everything
this crate has to do with iterators and `Result` and such. No `unsafe` or
anything like that, all looks good.
"""

[[audits.bytecode-alliance.audits.fastrand]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "2.0.0 -> 2.0.1"
notes = """
This update had a few doc updates but no otherwise-substantial source code
updates.
"""

[[audits.bytecode-alliance.audits.flate2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "1.0.30 -> 1.1.0"
notes = """
Minor updates, mostly a new changelog with many lines. No new `unsafe` code and
mostly just updating Rust idioms.
"""

[[audits.bytecode-alliance.audits.flate2]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "1.1.0 -> 1.1.4"
notes = "Minor amounts of unsafe code but what you would expect from interfacing with FFI libraries. Otherwise nothing major."

[[audits.bytecode-alliance.audits.foldhash]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = """
Only a minor amount of `unsafe` code in this crate related to global per-process
initialization which looks correct to me.
"""

[[audits.bytecode-alliance.audits.foreign-types]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.2"
notes = "This crate defined a macro-rules which creates wrappers working with FFI types. The implementation of this crate appears to be safe, but each use of this macro would need to be vetted for correctness as well."

[[audits.bytecode-alliance.audits.foreign-types-shared]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.1"

[[audits.bytecode-alliance.audits.futures-channel]]
who = "Joel Dice <joel.dice@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.31"

[[audits.bytecode-alliance.audits.futures-core]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
notes = "Unsafe used to implement a concurrency primitive AtomicWaker. Well-commented and not obviously incorrect. Like my other audits of these concurrency primitives inside the futures family, I couldn't certify that it is correct without formal methods, but that is out of scope for this vetting."

[[audits.bytecode-alliance.audits.futures-core]]
who = "Pat Hickey <pat@moreproductive.org>"
criteria = "safe-to-deploy"
delta = "0.3.28 -> 0.3.31"

[[audits.bytecode-alliance.audits.futures-executor]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"
notes = "Unsafe used to implement the unpark mutex, which is well commented and not obviously incorrect. Like with futures-channel I wouldn't be able to certify it as correct without formal methods."

[[audits.bytecode-alliance.audits.futures-io]]
who = "Joel Dice <joel.dice@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.31"

[[audits.bytecode-alliance.audits.futures-macro]]
who = "Joel Dice <joel.dice@gmail.com>"
criteria = "safe-to-deploy"
version = "0.3.31"

[[audits.bytecode-alliance.audits.futures-sink]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.27"

[[audits.bytecode-alliance.audits.futures-sink]]
who = "Pat Hickey <pat@moreproductive.org>"
criteria = "safe-to-deploy"
delta = "0.3.28 -> 0.3.31"

[[audits.bytecode-alliance.audits.futures-task]]
who = "Pat Hickey <pat@moreproductive.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.31"

[[audits.bytecode-alliance.audits.futures-util]]
who = "Pat Hickey <pat@moreproductive.org>"
criteria = "safe-to-deploy"
delta = "0.3.27 -> 0.3.31"
notes = "New waker_ref module contains \"FIXME: panics on Arc::clone / refcount changes could wreak havoc...\" comment, but this corner case feels low risk."

[[audits.bytecode-alliance.audits.gimli]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.29.0 -> 0.31.0"
notes = "Various updates here and there, nothing too major, what you'd expect from a DWARF parsing crate."

[[audits.bytecode-alliance.audits.hashbrown]]
who = "Chris Fallin <chris@cfallin.org>"
criteria = "safe-to-deploy"
delta = "0.14.5 -> 0.15.2"

[[audits.bytecode-alliance.audits.heck]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "Minor changes for a `no_std` upgrade but otherwise everything looks as expected."

[[audits.bytecode-alliance.audits.httpdate]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.2"
notes = "No unsafety, no io"

[[audits.bytecode-alliance.audits.iana-time-zone-haiku]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
version = "0.1.2"

[[audits.bytecode-alliance.audits.id-arena]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
version = "2.2.1"
notes = "I am the author of this crate."

[[audits.bytecode-alliance.audits.idna]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = """
This is a crate without unsafe code or usage of the standard library. The large
size of this crate comes from the large generated unicode tables file. This
crate is broadly used throughout the ecosystem and does not contain anything
suspicious.
"""

[[audits.bytecode-alliance.audits.itertools]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
delta = "0.10.5 -> 0.12.1"
notes = """
Minimal `unsafe` usage. Few blocks that existed looked reasonable. Does what it
says on the tin: lots of iterators.
"""

[[audits.bytecode-alliance.audits.itertools]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.12.1 -> 0.14.0"
notes = """
Lots of new iterators and shuffling some things around. Some new unsafe code but
it's well-documented and well-tested. Nothing suspicious.
"""

[[audits.bytecode-alliance.audits.itoa]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "1.0.11 -> 1.0.14"

[[audits.bytecode-alliance.audits.jobserver]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.1.25 -> 0.1.32"

[[audits.bytecode-alliance.audits.leb128fmt]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "Well-scoped crate do doing LEB encoding with no `unsafe` code and does what it says on the tin."

[[audits.bytecode-alliance.audits.libc]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.153 -> 0.2.158"
notes = "More platforms, more definitions, more headers, it's still just `libc`"

[[audits.bytecode-alliance.audits.libc]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.2.158 -> 0.2.161"

[[audits.bytecode-alliance.audits.libc]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.2.161 -> 0.2.171"
notes = """
Lots of unsafe, but that's par for the course with libc, it's all FFI type
definitions updates/adjustments/etc.
"""

[[audits.bytecode-alliance.audits.memoffset]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
notes = "This was a small update to the crate which has to do with Rust language features and compiler versions, no substantial changes."

[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.7.1"
notes = """
This crate is a Rust implementation of zlib compression/decompression and has
been used by default by the Rust standard library for quite some time. It's also
a default dependency of the popular `backtrace` crate for decompressing debug
information. This crate forbids unsafe code and does not otherwise access system
resources. It's originally a port of the `miniz.c` library as well, and given
its own longevity should be relatively hardened against some of the more common
compression-related issues.
"""

[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.7.1 -> 0.8.0"
notes = "Minor updates, using new Rust features like `const`, no major changes."

[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.8.0 -> 0.8.5"
notes = """
Lots of small updates here and there, for example around modernizing Rust
idioms. No new `unsafe` code and everything looks like what you'd expect a
compression library to be doing.
"""

[[audits.bytecode-alliance.audits.miniz_oxide]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.8.5 -> 0.8.9"
notes = "No new unsafe code, just refactorings."

[[audits.bytecode-alliance.audits.mio]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.8.6 -> 0.8.8"
notes = "Mostly OS portability updates along with some minor bugfixes."

[[audits.bytecode-alliance.audits.num-traits]]
who = "Andrew Brown <andrew.brown@intel.com>"
criteria = "safe-to-deploy"
version = "0.2.19"
notes = "As advertised: a numeric library. The only `unsafe` is from some float-to-int conversions, which seems expected."

[[audits.bytecode-alliance.audits.object]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.30.3 -> 0.31.1"
notes = "A large-ish update to the crate but nothing out of the ordering. Support for new formats like xcoff, new constants, minor refactorings, etc. Nothing out of the ordinary."

[[audits.bytecode-alliance.audits.object]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.31.1 -> 0.32.0"
notes = "Various new features and refactorings as one would expect from an object parsing crate, all looks good."

[[audits.bytecode-alliance.audits.object]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.32.0 -> 0.33.0"
notes = """
No `unsafe` code in this update. Lots of changes but all
object-file-format-related, everything looks good.
"""

[[audits.bytecode-alliance.audits.percent-encoding]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.2.0"
notes = """
This crate is a single-file crate that does what it says on the tin. There are
a few `unsafe` blocks related to utf-8 validation which are locally verifiable
as correct and otherwise this crate is good to go.
"""

[[audits.bytecode-alliance.audits.pin-utils]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.0"

[[audits.bytecode-alliance.audits.pkg-config]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.25"
notes = "This crate shells out to the pkg-config executable, but it appears to sanitize inputs reasonably."

[[audits.bytecode-alliance.audits.rustc-demangle]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.1.21"
notes = "I am the author of this crate."

[[audits.bytecode-alliance.audits.rustix]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
delta = "0.38.34 -> 0.38.39"

[[audits.bytecode-alliance.audits.semver]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "1.0.17"
notes = "plenty of unsafe pointer and vec tricks, but in well-structured and commented code that appears to be correct"

[[audits.bytecode-alliance.audits.sharded-slab]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.1.4"
notes = "I always really enjoy reading eliza's code, she left perfect comments at every use of unsafe."

[[audits.bytecode-alliance.audits.shlex]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = "Only minor `unsafe` code blocks which look valid and otherwise does what it says on the tin."

[[audits.bytecode-alliance.audits.slab]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.4.6"
notes = "provides a datastructure implemented using std's Vec. all uses of unsafe are just delegating to the underlying unsafe Vec methods."

[[audits.bytecode-alliance.audits.tempfile]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
delta = "3.3.0 -> 3.5.0"

[[audits.bytecode-alliance.audits.tempfile]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "3.5.0 -> 3.6.0"
notes = "Dependency updates and new optimized trait implementations, but otherwise everything looks normal."

[[audits.bytecode-alliance.audits.tracing-subscriber]]
who = "Pat Hickey <phickey@fastly.com>"
criteria = "safe-to-deploy"
version = "0.3.17"

[[audits.bytecode-alliance.audits.unicase]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "2.6.0"
notes = """
This crate contains no `unsafe` code and no unnecessary use of the standard
library.
"""

[[audits.bytecode-alliance.audits.unicode-bidi]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
version = "0.3.8"
notes = """
This crate has no unsafe code and does not use `std::*`. Skimming the crate it
does not attempt to out of the bounds of what it's already supposed to be doing.
"""

[[audits.bytecode-alliance.audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.236.0 -> 0.237.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.237.0 -> 0.238.1"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.238.1 -> 0.239.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.239.0 -> 0.240.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.240.0 -> 0.241.2"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.241.2 -> 0.242.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasm-encoder]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.242.0 -> 0.243.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.236.0 -> 0.237.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.237.0 -> 0.238.1"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.238.1 -> 0.239.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.239.0 -> 0.240.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.240.0 -> 0.241.2"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.241.2 -> 0.242.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "0.242.0 -> 0.243.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "236.0.0 -> 237.0.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "237.0.0 -> 238.0.1"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "238.0.1 -> 239.0.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "239.0.0 -> 240.0.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "240.0.0 -> 241.0.2"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "241.0.2 -> 242.0.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.bytecode-alliance.audits.wast]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
delta = "242.0.0 -> 243.0.0"
notes = "The Bytecode Alliance is the author of this crate"

[[audits.embark-studios.wildcard-audits.presser]]
who = "Gray Olson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
user-id = 52553 # embark-studios
start = "2021-01-01"
end = "2024-05-23"
notes = """
Small crate with no dependencies and no ambient capabilities. The safe interface of the crate
is gated behind unsafe implementation of a core trait, and care must be taken to ensure that
the relevant invariants are guaranteed when doing so. Maintained by the Ark team at Embark
and used in production.
"""

[[audits.embark-studios.audits.anyhow]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.58"

[[audits.embark-studios.audits.cargo_metadata]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
delta = "0.15.3 -> 0.15.4"
notes = "No notable changes"

[[audits.embark-studios.audits.cargo_metadata]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
delta = "0.15.4 -> 0.17.0"
notes = "No notable changes"

[[audits.embark-studios.audits.cfg_aliases]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "0.1.1"
notes = "No unsafe usage or ambient capabilities"

[[audits.embark-studios.audits.ident_case]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
version = "1.0.1"
notes = "No unsafe usage or ambient capabilities"

[[audits.embark-studios.audits.idna]]
who = "Johan Andersson <opensource@embark-studios.com>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.4.0"
notes = "No unsafe usage or ambient capabilities"

[[audits.google.audits.ash]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
version = "0.37.0+1.3.209"
notes = "Reviewed on https://fxrev.dev/694269"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.3.2"
notes = """
Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review

The crate exposes a function marked as `unsafe`, but doesn't use any
`unsafe` blocks (except for tests of the single `unsafe` function).  I
think this justifies marking this crate as `ub-risk-1`.

Additional review comments can be found at https://crrev.com/c/4723145/31
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "2.6.0 -> 2.8.0"
notes = "No changes related to `unsafe impl ... bytemuck` pieces from `src/external.rs`."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bitflags]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "2.8.0 -> 2.9.0"
notes = "Adds a straightforward clear() function, but no new unsafe code."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bitreader]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.3.7"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.16.3"
notes = """
Review notes from the original audit (of 1.14.3) may be found in
https://crrev.com/c/5362675.  Note that this audit has initially missed UB risk
that was fixed in 1.16.2 - see https://github.com/Lokathor/bytemuck/pull/258.
Because of this, the original audit has been edited to certify version `1.16.3`
instead (see also https://crrev.com/c/5771867).
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.16.3 -> 1.17.1"
notes = "Unsafe review comments can be found in https://crrev.com/c/5813463"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.17.1 -> 1.18.0"
notes = "No code changes - just altering feature flag arrangements"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.18.0 -> 1.19.0"
notes = "No code changes - just comment changes and adding the track_caller attribute."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.19.0 -> 1.20.0"
notes = "`unsafe` review can be found at https://crrev.com/c/6096767"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.20.0 -> 1.21.0"
notes = "Unsafe review at https://chromium-review.googlesource.com/c/chromium/src/+/6111154/"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.21.0 -> 1.22.0"
notes = """
This adds new instances of unsafe, but the uses are justified:
- BoxBytes is essentially a Box<[u8], which is Send + Sync, so also marking BoxBytes as Send + Sync is justified.
- core::num::Saturating<T> meets the criteria for Zeroable + Pod, so marking it as such is justified.

See https://crrev.com/c/6321863 for more audit notes.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.6.0"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no
hits except for 8 occurrences of `unsafe`.  Additional `unsafe` review comments
can be found in https://crrev.com/c/5445719.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.6.0 -> 1.6.1"
notes = """
No behavior/code changes AFAICT - only adding
`#[allow(clippy::multiple_bound_locations)]`, doc comments, and making
some cosmetic changes in non-`.rs` files.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck_derive]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.6.1 -> 1.7.0"
notes = """
Added support for Zeroable enums, which requires them to be represented as an integer and to have 0 as one of their values.

Other trivial/formatting changes.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.7.1"
notes = """
No impact on safety AFAICT - the delta only specifies a new attribute for
`proc_macro_derive` to work around re-export issues described at
https://github.com/Lokathor/bytemuck/issues/159
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck_derive]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.7.1 -> 1.8.0"
notes = "Unsafe review: https://crrev.com/c/5921014"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck_derive]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.8.1"
notes = "Changes do not impact safety."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.bytemuck_derive]]
who = "Chris Palmer <palmer@google.com>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.9.2"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.calendrical_calculations]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.calendrical_calculations]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.3"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "4.5.15"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.crc32fast]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.4.2"
notes = """
Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review

Audit comments for 1.4.2 can be found at https://crrev.com/c/4723145.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.diplomat]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.9.0"
notes = "Unsafe code pertaining to defining FFI interfaces"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.diplomat]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.0"
notes = "Similar unsafe code pertaining to FFI interfaces"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.diplomat-runtime]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.9.0"
notes = "Unsafe code pertaining to defining FFI-compatible types, with safety comments."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.diplomat-runtime]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.0"
notes = "Very minor diff"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.diplomat_core]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.9.0"
notes = "No unsafe code"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.diplomat_core]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "0.9.0 -> 0.10.0"
notes = "No unsafe code"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.equivalent]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.0.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.fastrand]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "1.9.0"
notes = """
`does-not-implement-crypto` is certified because this crate explicitly says
that the RNG here is not cryptographically secure.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.flate2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.30"
notes = '''
WARNING: This certification is a result of a **partial** audit.  The
`any_zlib` code has **not** been audited.  Ability to track partial
audits is tracked in https://github.com/mozilla/cargo-vet/issues/380
Chromium does use the `any_zlib` feature(s).  Accidentally depending on
this feature in the future is prevented using the `ban_features` feature
of `gnrt` - see:
https://crrev.com/c/4723145/31/third_party/rust/chromium_crates_io/gnrt_config.toml

Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review

I grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.

All `unsafe` in `flate2` is gated behind `#[cfg(feature = "any_zlib")]`:

* The code under `src/ffi/...` will not be used because the `mod c`
  declaration in `src/ffi/mod.rs` depends on the `any_zlib` config
* 7 uses of `unsafe` in `src/mem.rs` also all depend on the
  `any_zlib` config:
    - 2 in `fn set_dictionary` (under `impl Compress`)
    - 2 in `fn set_level` (under `impl Compress`)
    - 3 in `fn set_dictionary` (under `impl Decompress`)

All hits of `'\bfs\b'` are in comments, or example code, or test code
(but not in product code).

There were no hits of `-i cipher`, `-i crypto`, `'\bnet\b'`.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.foldhash]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.4"
notes = "No changes to safety-relevant code"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.foldhash]]
who = "Chris Palmer <palmer@google.com>"
criteria = "safe-to-deploy"
delta = "0.1.4 -> 0.1.5"
notes = "No new `unsafe`."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.futures]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.3.28"
notes = """
`futures` has no logic other than tests - it simply `pub use`s things from
other crates.
"""
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.glob]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.3.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.heck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.4.1"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits.

`heck` (version `0.3.3`) has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.http]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.2.8"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.http-body]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.4.5"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.iana-time-zone]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.1.61"
notes = "Some unsafe: interfacing with system timezone APIs"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_calendar]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_calendar]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "No unsafe introduced"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_calendar_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_calendar_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_capi]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Despite being an FFI crate, it is 100% safe code since it uses Diplomat for bindings."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_capi]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Despite being an FFI crate, it is 100% safe code since it uses Diplomat for bindings."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_casemap]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Safety review: One bit of unsafe DST construction from constant values. One checklisted ULE impl for a simple type wrapping RawBytesULE."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_casemap]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "No meaningful change to unsafe code"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_casemap_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_casemap_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_collections]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = """
Two instances of unsafe :
 - Non-safety related unsafe API that imposes additional invariants
 - `from_utf8` for known-UTF8 integer

Comments added/improved in https://github.com/unicode-org/icu4x/pull/6056.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_collections]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "from_utf8 unsafe removed. no new unsafe added"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_locale]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Covariant transform transmute; since rustc does not understand that ZeroMap is invariant"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_locale]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "No contentful changes to unsafe code"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_locale_core]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta2"
notes = """
All unsafe code commented (and improved from prior version):
  - A checklisted ULE impl
  - from-utf8 code on known-ASCII
  - Some unchecked indexing around maintained invariants
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_locale_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_locale_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_normalizer]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta2"
notes = """
All unsafe is unchecked `char` and `str` conversion, mostly well-commented.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_normalizer_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_normalizer_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_properties]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta2"
notes = "All unsafe was removed"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_properties_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_properties_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_provider]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = """
All unsafe code commented:
  - Minor unsafe transmutes between types which are identical but not type-system-provably so.
  - One unsafe EqULE impl
  - Some repr(transparent) transmutes
  - A from_utf8_unchecked for an ascii-validated string

Comment improvements can be found in https://github.com/unicode-org/icu4x/pull/6056
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_provider]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "from_utf8_unchecked unsafe remove, all other unsafe not meaningfully changed"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_provider_adapters]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_provider_adapters]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Still contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_segmenter]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Unsafe code pertaining to unchecked indexing, with length checks right before it"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_segmenter]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "No change to unsafe code"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_segmenter_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta1"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_segmenter_data]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "2.0.0-beta1 -> 2.0.0-beta2"
notes = "Contains codegenned unsafe only, using safe Bake impls from zerovec/zerotrie"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.icu_time]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "2.0.0-beta2"
notes = "Does not contain any unsafe code"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.indexmap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "2.7.1"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`
and there were no hits.

There is a little bit of `unsafe` Rust code - the audit can be found at
https://chromium-review.googlesource.com/c/chromium/src/+/6187726/2
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.indexmap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "2.7.1 -> 2.8.0"
notes = """
No `unsafe` introduced or affected in:
* `indexmap_with_default!` and `indexset_with_default!` macros
* New `PartialEq` implementations
* `fn slice_eq` in `util.rs`
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.itoa]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.14 -> 1.0.15"
notes = "Only minor rustdoc changes."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.ixdtf]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.ixdtf]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.4.0"
notes = "No unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.litemap]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.7.4"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.litemap]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.7.4 -> 0.7.5"
notes = "Delta implements the entry API but doesn't add or change any unsafe code."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.log]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
version = "0.4.22"
notes = """
Unsafe review in https://docs.google.com/document/d/1IXQbD1GhTRqNHIGxq6yy7qHqxeO4CwN5noMFXnqyDIM/edit?usp=sharing

Unsafety is generally very well-documented, with one exception, which we
describe in the review doc.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.log]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.4.22 -> 0.4.25"
notes = "No impact on `unsafe` usage in `lib.rs`."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.log]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.4.25 -> 0.4.26"
notes = "Only trivial code and documentation changes."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.nom]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "7.1.3"
notes = """
Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.num-integer]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.1.46"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.num-rational]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.4.2"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.pin-project]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "1.0.12"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.pin-project-internal]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "1.0.12"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
version = "0.2.9"
notes = "Reviewed on https://fxrev.dev/824504"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.pin-project-lite]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.2.13"
notes = "Audited at https://fxrev.dev/946396"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.potential_utf]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "Contains a handful of lines of from-UTF8 unsafety and some `repr(transparent)` casting unsafety. Reasonably well commented, could do with listing invariants explicitly."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.potential_utf]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.1.2"
notes = "Addition of safe comparison APIs since last audit"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.quick-xml]]
who = "Matthew DeVore <matvore@chromium.org>"
criteria = "safe-to-run"
version = "0.30.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.36 -> 1.0.37"
notes = """
The delta just 1) inlines/expands `impl ToTokens` that used to be handled via
`primitive!` macro and 2) adds `impl ToTokens` for `CStr` and `CString`.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.quote]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.37 -> 1.0.38"
notes = "Still no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.quote]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.38 -> 1.0.39"
notes = "Only minor changes for clippy lints and documentation."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.39 -> 1.0.40"
notes = """
The delta is just a simplification of how `tokens.extend(...)` call is made.
Still no `unsafe` anywhere.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rand]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.8.5"
notes = """
For more detailed unsafe review notes please see https://crrev.com/c/6362797
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.regex-syntax]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.8.5"
notes = "Contains no unsafe"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.0.14"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for:

* Using trivially-safe `unsafe` in test code:

    ```
    tests/test_const.rs:unsafe fn _unsafe() {}
    tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() };
    ```

* Using `unsafe` in a string:

    ```
    src/constfn.rs:            \"unsafe\" => Qualifiers::Unsafe,
    ```

* Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr`
  which is later read back via `include!` used in `src/lib.rs`.

Version `1.0.6` of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.14 -> 1.0.15"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "danakj <danakj@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.15 -> 1.0.16"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.16 -> 1.0.17"
notes = "Just updates windows compat"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Liza Burakova <liza@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.17 -> 1.0.18"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.rustversion]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.0.18 -> 1.0.19"
notes = "No unsafe, just doc changes"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.scoped-tls]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-run"
version = "1.0.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.serde_urlencoded]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.7.1"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.sfv]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.9.4"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits.
'''
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.simd-adler32]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "0.3.7"
notes = """
Security review of earlier versions of the crate can be found at
(Google-internal, sorry): go/image-crate-chromium-security-review

Audit comments for 1.3.2 can be found at https://crrev.com/c/4723145.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.smallvec]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "1.13.2"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.smallvec]]
who = "Jonathan Hao <phao@chromium.org>"
criteria = "safe-to-deploy"
delta = "1.13.2 -> 1.14.0"
notes = """
WARNING: This certification is a result of a **partial** audit. The
`malloc_size_of` feature has **not** been audited. This feature does
not explicitly document its safety requirements.
See also https://chromium-review.googlesource.com/c/chromium/src/+/6275133/comment/ea0d7a93_98051a2e/
and https://github.com/servo/malloc_size_of/issues/8.
This feature is banned in gnrt_config.toml.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.socket2]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
delta = "0.4.4 -> 0.5.5"
notes = "Reviewed at https://fxrev.dev/946307"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.stable_deref_trait]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "1.2.0"
notes = "Purely a trait, crates using this should be carefully vetted since self-referential stuff can be super tricky around various unsafe rust edges."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.static_assertions]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.1.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits except for one `unsafe`.

The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code
never runs) and is only introduced for some compile-time checks.  Additional
unsafe review comments can be found in https://crrev.com/c/5353376.

This crate has been added to Chromium in https://crrev.com/c/3736562.  The CL
description contains a link to a document with an additional security review.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.strck]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "1.0.0"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.strsim]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "0.10.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.strum]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "0.25.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.strum_macros]]
who = "danakj@chromium.org"
criteria = "safe-to-deploy"
version = "0.25.3"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.tokio-stream]]
who = "David Koloski <dkoloski@google.com>"
criteria = "safe-to-deploy"
version = "0.1.11"
notes = "Reviewed on https://fxrev.dev/804724"
aggregated-from = "https://fuchsia.googlesource.com/fuchsia/+/refs/heads/main/third_party/rust_crates/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.tower-service]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.3.2"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.try-lock]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.2.3"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.version_check]]
who = "George Burgess IV <gbiv@google.com>"
criteria = "safe-to-deploy"
version = "0.9.4"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.want]]
who = "ChromeOS"
criteria = "safe-to-run"
version = "0.3.0"
aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT"

[[audits.google.audits.writeable]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.6.0"
notes = "Contains three lines of unsafe, thoroughly commented: one is for from-UTF8 on ASCII, the other two are for from-UTF8 on a datastructure that keeps track of a buffer with partial UTF8 validation. Relatively straigtforward."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.writeable]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.6.0 -> 0.6.1"
notes = "Minor comment/documentation updates and switch to a non-panicking alternative to split_at()."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.yoke]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.7.5"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.yoke]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.7.5 -> 0.8.0"
notes = """
Cleaning up a previous hack for adding trait bounds to yoke objects. Unsafe changes:
- deleting the hack itself removes a lot of unsafe use required in the hack's implementation
- changes another unsafe use to remove the use of the hack, now that it's no longer needed


See https://crrev.com/c/6323349 for more audit notes.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.yoke-derive]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.7.5"
notes = "Custom derive implementing the `Yokeable` trait. Generally generates simple code that asserts covariance."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.yoke-derive]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.7.5 -> 0.8.0"
notes = "No code changes: only incrementing the version."
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.zerotrie]]
who = "Manish Goregaokar <manishearth@google.com>"
criteria = "safe-to-deploy"
version = "0.2.0"
notes = "Minor repr(transparent) unsafe code. Improved comments in https://github.com/unicode-org/icu4x/pull/6054"
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.google.audits.zerotrie]]
who = "Daniel Cheng <dcheng@chromium.org>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"
notes = """
Changes in unsafe blocks are wrapping direct calls to `core::mem::transmute` with the `transparent_ref_from_store` wrapper.
No safety guarantees change, but providing the `transparent_ref_from_store` as a wrapper provides a convenient marker that this transmute operation is actually sound.

See https://crrev.com/c/6323349 for more audit notes.
"""
aggregated-from = "https://chromium.googlesource.com/chromium/src/+/main/third_party/rust/chromium_crates_io/supply-chain/audits.toml?format=TEXT"

[[audits.isrg.wildcard-audits.prio]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
user-id = 213776 # divviup-github-automation
start = "2020-09-28"
end = "2026-01-07"
renew = false

[[audits.isrg.audits.base64]]
who = "Tim Geoghegan <timg@letsencrypt.org>"
criteria = "safe-to-deploy"
delta = "0.21.0 -> 0.21.1"

[[audits.isrg.audits.base64]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.21.1 -> 0.21.2"

[[audits.isrg.audits.base64]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.21.2 -> 0.21.3"

[[audits.isrg.audits.block-buffer]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.9.0"

[[audits.isrg.audits.digest]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.10.6 -> 0.10.7"

[[audits.isrg.audits.getrandom]]
who = "Tim Geoghegan <timg@letsencrypt.org>"
criteria = "safe-to-deploy"
delta = "0.2.9 -> 0.2.10"
notes = "These changes include some new `unsafe` code for the `emscripten` and `psvita` targets, but all it does is call `libc::getentropy`."

[[audits.isrg.audits.getrandom]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.11 -> 0.2.12"

[[audits.isrg.audits.getrandom]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.12 -> 0.2.14"

[[audits.isrg.audits.getrandom]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.2.14 -> 0.2.15"

[[audits.isrg.audits.keccak]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.1.2"

[[audits.isrg.audits.keccak]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.1.4"

[[audits.isrg.audits.libz-rs-sys]]
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
version = "0.4.0"
notes = """
This crate uses unsafe since it's for C to Rust FFI. I have reviewed and fuzzed it, and I believe it is free of any serious security problems.

The only dependency is zlib-rs, which is maintained by the same maintainers as this crate.
"""

[[audits.isrg.audits.libz-rs-sys]]
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.4.1"

[[audits.isrg.audits.num-iter]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.1.43 -> 0.1.44"

[[audits.isrg.audits.num-iter]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.1.44 -> 0.1.45"

[[audits.isrg.audits.once_cell]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.17.1 -> 1.17.2"

[[audits.isrg.audits.once_cell]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.17.2 -> 1.18.0"

[[audits.isrg.audits.once_cell]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.18.0 -> 1.19.0"

[[audits.isrg.audits.once_cell]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.19.0 -> 1.20.1"

[[audits.isrg.audits.rand_chacha]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.3.1"

[[audits.isrg.audits.rand_core]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.6.3"

[[audits.isrg.audits.rayon]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.6.1 -> 1.7.0"

[[audits.isrg.audits.rayon]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.7.0 -> 1.8.0"

[[audits.isrg.audits.rayon]]
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
delta = "1.8.0 -> 1.8.1"

[[audits.isrg.audits.rayon]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.9.0"

[[audits.isrg.audits.rayon]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "1.9.0 -> 1.10.0"

[[audits.isrg.audits.rayon-core]]
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
version = "1.12.1"

[[audits.isrg.audits.sha2]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.10.2"

[[audits.isrg.audits.sha3]]
who = "David Cook <dcook@divviup.org>"
criteria = "safe-to-deploy"
version = "0.10.6"

[[audits.isrg.audits.sha3]]
who = "Brandon Pitman <bran@bran.land>"
criteria = "safe-to-deploy"
delta = "0.10.7 -> 0.10.8"

[[audits.isrg.audits.zlib-rs]]
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
version = "0.4.0"
notes = """
zlib-rs uses unsafe Rust for invoking compiler intrinsics (i.e. SIMD), eschewing bounds checks, along the FFI boundary, and for interacting with pointers sourced from C. I have extensively reviewed and fuzzed the unsafe code. All findings from that work have been resolved as of version 0.4.0. To the best of my ability, I believe it's free of any serious security problems.

zlib-rs does not require any external dependencies.
"""

[[audits.isrg.audits.zlib-rs]]
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.4.1"

[[audits.isrg.audits.zlib-rs]]
who = "Ameer Ghani <inahga@divviup.org>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.4.2"

[[audits.mozilla.wildcard-audits.uniffi_internal_macros]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2025-02-06"
end = "2026-03-14"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.wildcard-audits.weedle2]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 127697 # bendk
start = "2022-06-16"
end = "2026-03-14"
notes = "Maintained by Mozilla"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.wildcard-audits.zeitstempel]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
user-id = 48 # Jan-Erik Rediger (badboy)
start = "2021-03-03"
end = "2026-07-02"
notes = "Maintained by me"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.basic-toml]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "TOML parser, forked from toml 0.5"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.bitflags]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "2.4.0 -> 2.4.1"
notes = "Only allowing new clippy lints"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.chrono]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.4.40 -> 0.4.41"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.crossbeam-channel]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.8 -> 0.5.11"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.crossbeam-channel]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.11 -> 0.5.12"
notes = "Minimal change fixing a memory leak."
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.crossbeam-channel]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.13 -> 0.5.14"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.crossbeam-channel]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.5.14 -> 0.5.15"
notes = "Fixes a regression from an earlier version which could lead to a double free"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.crossbeam-utils]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.8.14 -> 0.8.19"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.deranged]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.3.11 -> 0.4.0"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.either]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.6.1"
notes = """
Straightforward crate providing the Either enum and trait implementations with
no unsafe code.
"""
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"

[[audits.mozilla.audits.lazy_static]]
who = "Nika Layzell <nika@thelayzells.com>"
criteria = "safe-to-deploy"
version = "1.4.0"
notes = "I have read over the macros, and audited the unsafe code."
aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml"

[[audits.mozilla.audits.rkv]]
who = "Kagami Sascha Rosylight <krosylight@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.18.4 -> 0.19.0"
notes = "Maintained by Mozilla, no addition of unsafe blocks"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.rkv]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.19.0 -> 0.20.0"
notes = "Removed all LMDB-specific code, added malloc_size_of integration"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.scroll]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.11.0 -> 0.12.0"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.scroll_derive]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.11.1 -> 0.12.0"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.siphasher]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.3.10 -> 0.3.11"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.smawk]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.3.2"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.textwrap]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.15.0"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.time]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.3.36 -> 0.3.41"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"

[[audits.mozilla.audits.time-core]]
who = "Lars Eggert <lars@eggert.org>"
criteria = "safe-to-deploy"
delta = "0.1.2 -> 0.1.4"
aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml"